CVE-2012-5975
04.12.2012, 23:55
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.Enginsight
| Vendor | Product | Version |
|---|---|---|
| ssh | tectia_server | 6.0.4 |
| ssh | tectia_server | 6.0.5 |
| ssh | tectia_server | 6.0.6 |
| ssh | tectia_server | 6.0.7 |
| ssh | tectia_server | 6.0.8 |
| ssh | tectia_server | 6.0.9 |
| ssh | tectia_server | 6.0.10 |
| ssh | tectia_server | 6.0.11 |
| ssh | tectia_server | 6.0.12 |
| ssh | tectia_server | 6.0.13 |
| ssh | tectia_server | 6.0.14 |
| ssh | tectia_server | 6.0.17 |
| ssh | tectia_server | 6.0.18 |
| ssh | tectia_server | 6.0.19 |
| ssh | tectia_server | 6.0.20. |
| ssh | tectia_server | 6.1.0 |
| ssh | tectia_server | 6.1.1 |
| ssh | tectia_server | 6.1.2 |
| ssh | tectia_server | 6.1.3 |
| ssh | tectia_server | 6.1.4 |
| ssh | tectia_server | 6.1.5 |
| ssh | tectia_server | 6.1.6 |
| ssh | tectia_server | 6.1.7 |
| ssh | tectia_server | 6.1.8 |
| ssh | tectia_server | 6.1.9 |
| ssh | tectia_server | 6.1.12 |
| ssh | tectia_server | 6.2.0 |
| ssh | tectia_server | 6.2.1 |
| ssh | tectia_server | 6.2.2 |
| ssh | tectia_server | 6.2.3 |
| ssh | tectia_server | 6.2.4 |
| ssh | tectia_server | 6.2.5 |
| ssh | tectia_server | 6.3.0 |
| ssh | tectia_server | 6.3.1 |
| ssh | tectia_server | 6.3.2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References